When we generate our keys later, the default Diffie-Hellman encryption length for Easy RSA will be 2048 bytes, so we need to change the dh filename to dh2048.pem.

# dh dh2048.pem

and change other configuration as shown below

push "redirect-gateway def1 bypass-dhcp"

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

user nobody
group nobody

save the configuration

create a directory for the keys to go in.

# mkdir -p /etc/openvpn/easy-rsa/keys

copy the key and certificate generation scripts into the directory

# cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa

open vars file

# vi /etc/openvpn/easy-rsa/vars

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="youremail@your-domain.com"
export KEY_OU="MyOrganizationalUnit"

# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
export KEY_CN="openvpn.yourdomain.com"

We're going to do this by copying the required configuration file and removing the version number.